如何在基于 Spring Security 的 CAS 客户端中访问/使用自定义属性

发布于 2024-08-27 01:31:26 字数 1254 浏览 8 评论 0原文

身份验证成功后,我需要从服务器向客户端发送某些属性(例如,人类可读的用户名)。服务器部分完成。现在属性已发送到客户端。从日志中,我可以看到:

2010-03-28 23:48:56,669 调试 Cas20ServiceTicketValidator:185 - 服务器响应:http://www.yale.edu/tp/cas'> [电子邮件受保护]

 PGTIOU-1-QZgcN61oAZcunsC9aKxj-cas;



        

                测试帐户 1

        

 

但是,我不知道如何访问该属性在客户端(我使用的是 Spring security 2.0.5)。

在authenticationProvider中,userDetailsS​​ervice被配置为读取经过身份验证的主体的数据库。

<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <sec:custom-authentication-provider />
    <property name="userDetailsService" ref="clerkManager"/>
    <!-- other stuff goes here -->
</bean>

现在在我的控制器中,我可以轻松地执行此操作:

 Clerk currentClerk = (Clerk)SecurityContextHolder.getContext().getAuthentication().getPrincipal();

理想情况下,我可以以某种方式将属性填充到此 Clerk 对象作为另一个属性。如何做到这一点?

或者在 CAS 的集中性质下,在所有应用程序之间共享属性的推荐方法是什么?

I need send certain attributes(say, human readable user name) from server to client after a successful authentication. Server part was done. Now attribute was sent to client. From log, I can see:

2010-03-28 23:48:56,669 DEBUG
Cas20ServiceTicketValidator:185 -
Server response: http://www.yale.edu/tp/cas'>

[email protected]

        <cas:proxyGrantingTicket>PGTIOU-1-QZgcN61oAZcunsC9aKxj-cas</cas:proxyGrantingTicket>



        <cas:attributes>

                <cas:FullName>Test account 1</cas:FullName>

        </cas:attributes>

</cas:authenticationSuccess> </cas:serviceResponse>

Yet, I don't know how to access the attribute in client(I am using Spring security 2.0.5).

In authenticationProvider, a userDetailsService is configured to read db for authenticated principal.

<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <sec:custom-authentication-provider />
    <property name="userDetailsService" ref="clerkManager"/>
    <!-- other stuff goes here -->
</bean>

Now in my controller, I can easily do this:

 Clerk currentClerk = (Clerk)SecurityContextHolder.getContext().getAuthentication().getPrincipal();

Ideally, I can fill the attribute to this Clerk object as another property in some way. How to do this?

Or what is recommended approach to share attributes across all apps under CAS's centralized nature?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

只为守护你 2024-09-03 01:31:26

对于 SpringSecurity - 您需要升级到 3.x 才能通过内置支持利用 CAS 属性,请参阅:GrantedAuthorityFromAssertionAttributesUserDetailsS​​ervice.java

它看起来不像 SpringSecurity 2.x 基于 CAS 属性填充 - 如果您查看:

CasAuthenticationProvider。 java at getUserDetailsS​​ervice():

/**
 * Template method for retrieving the UserDetails based on the assertion.  Default is to call configured userDetailsService and pass the username.  Deployers
 * can override this method and retrieve the user based on any criteria they desire.
 * 
 * @param assertion The CAS Assertion.
 * @returns the UserDetails.
 */
protected UserDetails loadUserByAssertion(final Assertion assertion) {
    return this.userDetailsService.loadUserByUsername(assertion.getPrincipal().getName());
}

如果您出于某种原因必须保留在 2.x 上,您当然可以使用 UserDetails 实现覆盖它。

For SpringSecurity - you need to upgrade to 3.x to leverage CAS attributes via the built-in support, see: GrantedAuthorityFromAssertionAttributesUserDetailsService.java

It doesn't look like SpringSecurity 2.x populates based on CAS attributes - if you look at:

CasAuthenticationProvider.java at getUserDetailsService():

/**
 * Template method for retrieving the UserDetails based on the assertion.  Default is to call configured userDetailsService and pass the username.  Deployers
 * can override this method and retrieve the user based on any criteria they desire.
 * 
 * @param assertion The CAS Assertion.
 * @returns the UserDetails.
 */
protected UserDetails loadUserByAssertion(final Assertion assertion) {
    return this.userDetailsService.loadUserByUsername(assertion.getPrincipal().getName());
}

You could of course override this with a UserDetails implementation, if you have to stay on 2.x for some reason.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文